I will be building a network which I will be using Mikrotik to support, but could do with some advice on router sizing. Switching is straightforward but I am not sure which CCR routers will be up to the task. I plan to have the following configuration:
Two network classes:
- Office with 400 GbE clients sat across 10 subnets/10 VLANs supporting standard office applications, internet applications, YouTube/Facebook etc., all sat within a single VRF.
- Experimental networks (between 10-100). Generally lower bandwidth applications than the office network. Each experimental net will have its own subnet/VLAN within its own VRF to provide isolation from one another.
Experimental networks should be accessible from the Office network but generally not the other way around. On a case-by-case basis an experimental network may need access to the office network but this would be exceptional. So I would need some route leaking and firewalling between office and experimental.
All networks will sit in a shared address space with part allocated for Office subnetting and part allocated to experimental network subnetting so I do not have to worry about any overlaps when routing between.
Access to the internet will be provided by means of a 10Gb uplink (two, one for redundancy). Main NATting and Internet firewalling are provided by the provider. The two classes of network will have their own independent uplink gateway.
Some public address space (/24) will also be available for some exceptional NATting of experimental networks where access from the internet (port forwarding) is needed.
DHCP would be provided elsewhere, relayed by the router. I will need to do the standard traffic monitoring/logging so will need to export flows.
Would two CCR1036 (one for each class) be up to the job or would a CCR1016 handle it? Or should I be thinking CCR1072? Or would you simplify and just have one router to support both classes? I will be running VRRP so will double up.
The workload should mostly be routing, with some firewalling between local subnets, some exceptional NATting - the bulk of the firewalling/NATting being managed upstream.
Any advice would be appreciated.